Offensive Security

A WebSocket Manipulation Proxy with a user interface to capture, intercept, and send custom messages for WebSocket and Socket.IO communications.

A collection of tools that execute programs directly in memory using various delivery methods including URL downloads and netcat connections.

steg86 is a steganographic tool that hides information within x86 and AMD64 binary executables without affecting their performance or file size.

A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.

Tool for deleting logs on Linux/Windows servers.

A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.

A blog post explaining the concept of Active Directory Trusts and their enumeration and exploitation

FOCA is a tool used to find metadata and hidden information in scanned documents, with capabilities to analyze various file types and extract EXIF information.

Setup script for Regon-ng

SharpEDRChecker scans system components to detect security products and tools.

Utilizing Alternate Data Streams (ADS) to bypass AppLocker default policies by loading DLL/CPL binaries.

A collection of vulnerable ARM binaries designed for educational exploit development and vulnerability research practice across different architectures and exploitation techniques.

Pwntools is a Python CTF framework and exploit development library that provides tools for rapid prototyping and development of exploits and CTF challenge solutions.

Chameleon aids in evading proxy categorization to bypass internet filters.

A collection of Python scripts for password spraying attacks against Lync/S4B & OWA, featuring Atomizer, Vaporizer, Aerosol, and Spindrift tools.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

A project for demonstrating AWS attack techniques with a focus on ethical hacking practices.

Havoc is a malleable post-exploitation command and control framework that provides a client-server architecture with payload generation, customizable C2 profiles, and team collaboration capabilities for red team operations.

A vulnerable web site in NodeJS for testing security source code analyzers.

A Python-based network hacking toolkit that implements various attack and reconnaissance techniques for educational purposes and network security learning.

A set of commands for exploit developers and reverse-engineers to enhance GDB functionality.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

Caldera is a cybersecurity framework by MITRE for automated security assessments and adversary emulation.

A deliberately vulnerable ARM/ARM64 application with 14 different vulnerability levels designed for CTF-style exploitation training and education.